Introduction:
This article discusses the threat of Q-Day coupled with the role generative artificial intelligence. In short, the once unfathomable idea of a million years or longer to crack SSL/TLS security is no longer fiction but reality in reach.
Is Q-Day Another Government Holiday?
Well that is one way of looking at the matter. Then again, if Q-Day is slated to become a government holiday, it would probably be on the least celebrated list or otherwise certainly the least appreciated holiday. Why? Q-Day is the projected date when quantum computers are able to break current internet cryptography standards. What Internet standards are we talking about? Well pretty much all or most of the current standards. For example, the internet standard for making online internet purchases via Secure Socket Layer (SSL) in conjunction with Transport Layer Security (“TLS”) communication relies on at risk cryptography standards.
In a nutshell, prior to quantum computers becoming mainstream, quantum computing was originally, almost, exclusively isolated to governments, across the globe, as governments were primarily the only ones who could afford them. Furthermore, a number of governments, globally, set regulations on access to quantum computing for national security reasons. That quantum computing limited access climate is changing and generative artificial intelligence e.g. Gen AI is accelerating the Q-Day threat.
“Q-Day is a looming, unspecified date when quantum computers become powerful enough to break current public-key encryption. The impact is going to be massive—with all sensitive data protected by today’s commonly used encryption algorithms exposed, the entire world would experience a massive data breach.” IBM Talks Q-Day.
The Role of Gen AI in Q-Day
Once upon a time, you could visit a website like, robotform, to get an idea as to the strength of your password thus helping you determine if your chosen password was safe. For example, passwordmonster predicts how long a hacker could crack a password like say a Wi-Fi password or even worse a computer login password. Well technically speaking, a bad Wi-Fi password would be worse as such could be and usually is targeted over the air (“OTA”) malware. At least in the bad computer password situation, physical access to the computer is required. In any event, for this example a password consisting of only 10 characters including only lower case, and two numerical digits with no special characters could be cracked by a hacker in as little as two days. A quantum computer could crack that password in shorter than a nanosecond.
With Gen AI quickly approaching a mainstream norm, the Q-Day threat is greatly accelerated. How so? Gen AI is virtually the wild wild west with accessibility to anyone with a few hundred bucks or fewer via subscription. So a typical Gen AI scenario looks like this: Gen AI via leveraging deep packet inspection (“DPI”) can capture traffic at will and save it to a file. At the point with the traffic saved to a file, Gen AI can literally sit there and run computations against the traffic file, targeting the traffic header in hopes of decryption of the SSL/TLS keys. This approach is known as Harvest Now, Decrypt Later (“HNDL”). Gen AI does not get tired and can truly run millions of computations in very short periods of time, in hopes of cracking the encryption keys. Upon success, the data payload is decrypted thereby exposing the private once secure information – as if the data was never secured in the first place. So sensitive information then becomes open book information to any two bit hacker or nation state bad actor. Translation: credit card information exposed. identity information exposed. financial information exposed. You get the picture. Hopefully.
Consider yourself warned, again, as if you haven’t been warned time and again about open insecure Wi-Fi, weak insecure passwords, public Wi-Fi usage and so forth. You no longer can assume that your internet security provider (“ISP”) is your friend and looking out for your best interest. We are living in a post-COVID-19 WOKE world, coupled with the influx of wild wild west Gen AI technology, and quantum computing within procurement reach for a number of corporations which was once unfathomable. For the everyday user, if you like your information – well staying – your information, you need to take action – today! Upgrade your passwords across the board. Don’t just hop on any public Wi-Fi – ask questions, verify: if it feels unsafe decline to use and wait until you get home or to work. As for home Wi-Fi, continuing to fool yourself about the reality of hackers, bad state actors, etc., and leaving your own Wi-Fi network open to attacks via weak insecure passwords lacking password rotation -- will lead to disastrous financial and legal consequences. It’s time to grow up to the reality of technology.